Introduction to Phishing by Anujak124


More Info

    History and current status of phishing
          A phishing technique was described in detail in 1987, in a paper and presentation
delivered to the International HP Users Group. The first recorded mention of the term
"phishing" is on the Usenet newsgroup on January 2,
      Phishing is online identity theft in which confidential information is obtained from
an individual. It is distinguished from offline identity theft such as card skimming and
“dumpster diving,” as well as from large-scale data compromises in which information
about many individuals is obtained at once. Phishing includes many different types of
attacks, including:
      Deceptive attacks, in which users are tricked by fraudulent messages into
       Giving out information.
      Malware attacks, in which malicious software causes data compromises.
      DNS-based attacks, in which the lookup of host names is altered to send
        Users to a fraudulent server.

      Phishing targets many kinds of confidential information, including user names
And passwords, social security numbers, credit card numbers, bank account Numbers
And personal information such as birthdates and mothers’ maiden Names.

What Is Phishing?

        The term phishing is a general term for the creation and use by criminals of e-mails and
websites – designed to look like they come from well-known, legitimate and trusted businesses,
financial institutions and government agencies – in an attempt to gather personal, financial and
sensitive information. These criminals deceive Internet users into disclosing their bank and
financial information or other personal data such as usernames and passwords, or into unwittingly
downloading malicious computer code onto their computers that can allow the criminals
subsequent access to those computers or the users’ financial accounts.
                         Phishing is committed so that the criminal may obtain sensitive and
valuable information about a consumer, usually with the goal of fraudulently obtaining access to
the consumer’s bank or other financial accounts. Often “phishes” will sell credit card or account
numbers to other criminals, turning a very high profit for a relatively small technological
Phishing techniques
       Recent phishing attempts

         Phishers are targeting the customers of banks and online payment services. E-
mails, supposedly from the Internal Revenue Service, have been used to glean sensitive
data from U.S. taxpayers. While the first such examples were sent indiscriminately in the
expectation that some would be received by customers of a given bank or service, recent
research has shown that phishers may in principle be able to determine which banks
potential victims use, and target bogus e-mails accordingly. Targeted versions of phishing
have been termed spear phishing. Several recent phishing attacks have been directed
specifically at senior executives and other high profile targets within businesses, and the
term whaling has been coined for these kinds of attacks.

       Social networking sites are now a prime target of phishing, since the personal
details in such sites can be used in theft; in late 2006 a computer worm took over pages
on My Space and altered links to direct surfers to websites designed to steal login details.
Experiments show a success rate of over 70% for phishing attacks on social networks.

   The Rapid Share file sharing site has been targeted by phishing to obtain a premium
account, which removes speed caps on downloads, auto-removal of uploads, waits on
downloads, and cool down times between downloads.

         Attackers who broke into TD Ameritrade's database (containing all 6.3 million
customers' social security numbers, account numbers and email addresses as well as their
names, addresses, dates of birth, phone numbers and trading activity) also wanted the
account usernames and passwords, so they launched a follow-up spear phishing attack.

                  Almost half of phishing thefts in 2006 were committed by groups
operating through the Russian Business Network based in St. Petersburg. Some people are
being victimized by a Face book Scam, the link being hosted by T35 Web Hosting and
people are losing their accounts. There are anti-phishing websites which publish exact
messages that have been recently circulating the internet, such as Fraud Watch
International and Miller smiles. Such sites often provide specific details about the
particular messages.
Link manipulation

        Most methods of phishing use some form of technical deception designed to make
a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed
organization. Misspelled URLs or the use of sub domains are common tricks used by

           In the following example URL,, it appears as
though the URL will take you to the example section of the your bank website; actually
this URL points to the "your bank" (i.e. phishing) section of the example website.
Another common trick is to make the displayed text for a link (the text between the <A>
tags) suggest a reliable destination, when the link actually goes to the phishers' site. The
following example link,, appears to take you to an
article entitled "Genuine"; clicking on it will in fact take you to the article entitled
"Deception". In the lower left hand corner of most browsers you can preview and verify
where the link is going to take you.

        An old method of spoofing used links containing the '@' symbol, originally
intended as a way to include a username and password (contrary to the standard).For
example, the link might deceive a casual observer
into believing that it will open a page on, whereas it actually directs the
browser to a page on, using a username of the page
opens normally, regardless of the username supplied. Such URLs were disabled in
Explorer, while Mozilla Firebox and Opera present a warning message and give the
option of continuing to the site or canceling.

        A further problem with URLs has been found in the handling of internationalized
domain names (IDN) in web browsers that might allow visually identical web addresses
to lead to different, possibly malicious, websites. Despite the publicity surrounding the
flaw, known as IDN spoofing or homograph attack, phishers have taken advantage of a
similar risk, using open URL redirectors on the websites of trusted organizations to
disguise malicious URLs with a trusted domain. Even digital certificates do not solve this
problem because it is quite possible for a phisher to purchase a valid certificate and
subsequently change content to spoof a genuine website.
Filter evasion

         Phishers have used images instead of text to make it harder for anti-phishing
filters to detect text commonly used in phishing e-mails.

Website forgery

       Once a victim visits the phishing website the deception is not over. Some phishing
scams use JavaScript commands in order to alter the address bar.This is done either by
placing a picture of a legitimate URL over the address bar, or by closing the original
address bar and opening a new one with the legitimate URL.

          An attacker can even use flaws in a trusted website's own scripts against the
victim. These types of attacks (known as cross-site scripting) are particularly
problematic, because they direct the user to sign in at their bank or service's own web
page, where everything from the web address to the security certificates appears correct.
In reality, the link to the website is crafted to carry out the attack, making it very difficult
to spot without specialist knowledge. Just such a flaw was used in 2006 against PayPal.

          A Universal Man-in-the-middle (MITM) Phishing Kit, discovered in 2007,
provides a simple-to-use interface that allows a phisher to convincingly reproduce
websites and capture log-in details entered at the fake site.

          To avoid anti-phishing techniques that scan websites for phishing-related text,
phishers have begun to use Flash-based websites. These look much like the real website,
but hide the text in a multimedia object.
Types of Phishing Attacks
Malware-Based Phishing

          Malware-based phishing refers generally to any type of phishing that involves
Running malicious software on the user’s machine. Malware-based phishing can
Take many forms. The most prevalent forms are discussed below.
        In general, malware is spread either by social engineering or by exploiting
security vulnerability. A typical social engineering attack is to convince a user to open an
email attachment or download a file from a web site, often claiming the attachment has
something to do with pornography, salacious celebrity photos or gossip. Some
downloadable software can also contain malware.

DNS-Based Phishing

     DNS-based phishing is used here to refer generally to any form of phishing that
Interferes with the integrity of the lookup process for a domain name. This includes
hosts file poisoning, even though the hosts file is not properly part of the Domain
Name System.

Content-Injection Phishing

     Content-injection phishing refers to inserting malicious content into a legitimate
Site. The malicious content can redirect to other sites, install malware on a user’s
computer, or insert a frame of content that will redirect data to a phishing server.
There are three primary types of content-injection phishing, with many variations
Of each:
     Hackers can compromise a server through a security vulnerability and
        Replace or augment the legitimate content with malicious content.
     Malicious content can be inserted into a site through a cross-site scripting
     Malicious actions can be performed on a site through a SQL injection
Man-in-the-Middle Phishing

      A man-in-the-middle attack is a form of phishing in which the phisher positions
Himself between the user and the legitimate site. Messages intended for the legitimate
Sites are passed to the phisher instead, who saves valuable information, passes the
messages to the legitimate site, and forwards the responses back to the user. Man-in-the-
middle attacks can also be used for session hijacking.

Search Engine Phishing

     Another approach taken by phishers is to create web pages for fake products, get the
pages indexed by search engines, and wait for users to enter their confidential
information as part of an order, sign-up, or balance transfer. Such pages typically offer
products at a price slightly too good to be true.

What does a phishing e-mail look like?

       Phishing e-mail messages are designed to steal your identity. They ask for
personal data, or direct you to Web sites or phone numbers to call where they ask you to
provide personal data.

Phishing e-mail messages take a number of forms:

       They might appear to come from your bank or financial institution, a company
you regularly do business with, such as Microsoft, or from your social networking site.

       They might appear to be from someone you know. Spear phishing is a targeted
form of phishing in which an e-mail message might look like it comes from your
employer, or from a colleague who might send an e-mail message to everyone in the
company, such as the head of human resources or IT.

       They might include official-looking logos and other identifying information taken
directly from legitimate Web sites, and they might include convincing details about your
personal information that scammers found on your social networking pages.

1. Create an account on any free webhosting site.

2. Registering
  3. Create HTML Login Page.

4. Upload PHP Script & other files.
5. Log in website.

6. Login main page.
5. Click File manager.

6. Upload File list.
        In this paper we have discussed various techniques by which attacker use phishing
to attack end users. Further we have explored various ways by which users can defend
them selves from becoming the prey of phishing attack. Then we discusses how
programmers can make their login pages secure to prevent phishing and in the end we
discussed about 2 way authentication, its working, features and future.



To top